From: Joel Amao (femmy79@hotmail.com)
Date: Sun Mar 09 2008 - 03:51:06 ARST
If the goal is to ensure AS414 has both the more specific (/29) as well as the
/24 routes, then you might want to consider allowing only the /24 to be
advertised to AS65500 and then use the bgp inject map feature that was earlier
suggested. Also, you should use the "remove private AS" outbound to AS414.
That would take care of any AS path info from 65020.
Your comments suggest you tried all this but it didn't work. Maybe it's because
of the IOS version. It appears to be working in 12.4(16).
*With R3(65500) receiving only the /24 route from R1(65020)*
R1-----192.168.1.0/30------------R3------172.16.1.1/30------------R2
R1 in AS 65020, R3 in 65500 and R2 in 414.
Final output on R2(AS#414) is shown below (65020 is completely removed from the
picture);
R2#sh ip bgp | b Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 198.100.2.0      172.16.1.2                             0 65500 i
*> 198.100.2.2/32   172.16.1.2                             0 65500 i
*> 198.100.2.8/29   172.16.1.2                             0 65500 i
*> 198.100.2.16/29  172.16.1.2                             0 65500 i
*> 198.100.2.24/29  172.16.1.2                             0 65500 i
Rack1R2#
Relevant config:
R1
router bgp 65020
 no synchronization
 bgp log-neighbor-changes
 network 198.100.2.0
 network 198.100.2.0 mask 255.255.255.248
 network 198.100.2.8 mask 255.255.255.248
 network 198.100.2.16 mask 255.255.255.248
 network 198.100.2.24 mask 255.255.255.248
 network 198.100.2.32 mask 255.255.255.248
 network 198.100.2.40 mask 255.255.255.248
 neighbor 192.168.1.2 remote-as 65500
 neighbor 192.168.1.2 prefix-list TEST out
 no auto-summary
!
ip prefix-list TEST seq 5 permit 198.100.0.0/16 le 24
R3
router bgp 65500
 no synchronization
 bgp log-neighbor-changes
 bgp scan-time 5
 bgp inject-map LONGER exist-map SHORTER
 neighbor 172.16.1.1 remote-as 414
 neighbor 172.16.1.1 remove-private-as
 neighbor 192.168.1.1 remote-as 65020
 no auto-summary
ip prefix-list 23 seq 5 permit 198.100.2.0/24
!
ip prefix-list 24 seq 5 permit 198.100.2.2/32
ip prefix-list 24 seq 10 permit 198.100.2.8/29
ip prefix-list 24 seq 15 permit 198.100.2.16/29
ip prefix-list 24 seq 20 permit 198.100.2.24/29
!
ip prefix-list SOURCE seq 5 permit 192.168.1.1/32
!
route-map LONGER permit 10
 set ip address prefix-list 24
 set origin igp
!
route-map SHORTER permit 10
 match ip address prefix-list 23
 match ip route-source prefix-list SOURCE
......................
R2
........................
router bgp 414
 no synchronization
 bgp log-neighbor-changes
 neighbor 172.16.1.2 remote-as 65500
 no auto-summary
!
!
Joel Amao
CCIE#18128
> From: joe@affirmedsystems.com
> To: sadiqtanko@gmail.com
> CC: ccielab@groupstudy.com
> Subject: RE: Real world bgp issues
> Date: Sat, 8 Mar 2008 18:54:20 -0500
>
> Thanks Scott V. for the suggestion to make "remove-private-as" outbound on
> RTR1, here are the results... (172.24.1.85 is RTR1)
>
> I tried "remove-private-as" on RTR1
>
> RTR2#sh ip bgp | inc 199.79
> *> 198.74.60.0/29 172.24.1.85 0 0 65020 i
> * 198.74.60.0 0.0.0.0 32768 i
> *> 198.74.60.24/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.48/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.56/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.160/27
>
> So as you can see the 65020 is still in the path and towards RTR3
>
> VPN39B-EXT-INT-01#sh ip bgp nei 172.19.255.165 advertised-routes | inc 199.79
> *> 198.74.60.0/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.0 172.24.5.17 0 32768 i
> *> 198.74.60.24/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.48/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.56/29 172.24.1.85 0 0 65020 i
> *> 198.74.60.160/27
>
> (my AS 65500 will be added once it's finally off RTR2, cisco swears they are
> still going to fix the "show ip bgp" commands to show you what will be
> sent...)
>
> I guess remove-private-as doesn't work on routers running private AS's
> themselves... time to get back into my BGP lab...
>
> Sadiq, I tried the bgp inject-map, but I can't get it to work when the
> matching route source = locally injected. The /24 is created by a network
> command matching a static route on RTR2. The route-map match route source
> prefix list didn't like 0.0.0.0/32 or the next hop of 172.24.5.17 (RTR1) or
> anything else... so I wonder if you can use the inject-map if the route you're
> matching is LOCALLY created...??!?!
>
> Well, in the end I cleaned it up a bit and went with redis static matching a
> route-map that checks with a prefix-list for which static routes to import,
> of course, in that route-map I "set origin igp" so everyone doesn't see
> routes with a ? as the source!
>
> Thanks for the feedback gentlemen,
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Sadiq Yakasai
> Sent: Saturday, March 08, 2008 5:31 PM
> To: Joseph Brunner
> Cc: Cisco certification
> Subject: Re: Real world bgp issues
>
> Interesting experience there Joe :)
>
> As for point 1) Yes, you can only remove private AS's on the point or
> are interfacing with the non-private AS, if I remember my practice
> labs well.
>
> Just out of curiosity, why did you not consider using bgp route
> injection on RTR2 to inject the /29 routes since you have a /24
> covering these specific routes in the BGP table, and this would have
> 65500 as the originating AS number. Or is this part of the rules that
> you cannot do?
>
> Sadiq
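
Added example, not part of the original post and not Cisco's implementation: a simplified Python model of the three policies in Joel's lab (R1's outbound prefix-list TEST, R3's inject-map/exist-map, and remove-private-as toward AS 414) that reproduces the table seen on R2. The function names are hypothetical, and the remove-private-as rule used here (strip only a path that is entirely private and does not contain the neighbor's AS, i.e. the keyword without "all") is an assumption of the model.

```python
import ipaddress

def is_private_asn(asn):
    return 64512 <= asn <= 65534  # 16-bit private-use range (RFC 6996)

def permits(prefix_list, prefix):
    """IOS-style prefix-list: entries are (network, ge, le); no ge/le = exact."""
    p = ipaddress.ip_network(prefix)
    for net, ge, le in prefix_list:
        n = ipaddress.ip_network(net)
        lo = n.prefixlen if ge is None else ge
        hi = le if le is not None else (n.prefixlen if ge is None else 32)
        if p.subnet_of(n) and lo <= p.prefixlen <= hi:
            return True
    return False  # implicit deny at the end of every prefix-list

def remove_private_as(path, neighbor_as):
    """Strip the path only if it is entirely private and lacks the neighbor's AS."""
    if path and all(map(is_private_asn, path)) and neighbor_as not in path:
        return []
    return list(path)

def inject(table, exist_pl, source_pl, longer):
    """If a route matches the exist-map, originate the covered longer prefixes."""
    for pfx, (_, src) in list(table.items()):
        if permits(exist_pl, pfx) and permits(source_pl, src + "/32"):
            agg = ipaddress.ip_network(pfx)
            for more in longer:
                if ipaddress.ip_network(more).subnet_of(agg):
                    table[more] = ([], "injected")  # empty AS path: local origin

def r2_view():
    """Replay the thread's lab: R1 (65020) -> R3 (65500) -> R2 (414)."""
    TEST = [("198.100.0.0/16", None, 24)]
    r1_nets = ["198.100.2.0/24"] + [f"198.100.2.{n}/29" for n in range(0, 48, 8)]
    # R1 outbound filter: only prefixes of length <= 24 reach R3
    r3 = {p: ([65020], "192.168.1.1") for p in r1_nets if permits(TEST, p)}
    inject(r3, [("198.100.2.0/24", None, None)], [("192.168.1.1/32", None, None)],
           ["198.100.2.2/32", "198.100.2.8/29", "198.100.2.16/29", "198.100.2.24/29"])
    # R3 outbound to R2: private ASNs removed first, then R3 prepends its own AS
    return {p: [65500] + remove_private_as(path, 414) for p, (path, _) in r3.items()}

if __name__ == "__main__":
    for prefix, path in r2_view().items():
        print(prefix, path)
```

Because R3 prepends its own AS after the removal step, 65500 (itself in the private range) still appears in every path R2 receives; only 65020 is gone.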